Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2015-8851: nodejs-node-uuid: insecure entropy source - Math.random()


Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/18/2018
Created: 07/25/2018
Added: 06/18/2018
Modified: 12/02/2019

Description

It was found that NodeJS node-uuid used Math.random() to create a GUID (Globally Unique Identifier). Math.random() does not provide enough entropy (on some platforms it provides only 32 bits), which can result in GUID collisions. An attacker could use this to guess GUID values and leverage further attacks against a system using node-uuid.
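The weak pattern described above beside a hardened one, as an added example (not node-uuid's code and not part of this database entry). All function names are hypothetical, and `prng32` is a constructed stand-in for a generator with only 32 bits of state.

```javascript
'use strict';
const crypto = require('crypto');

// Format 16 bytes as an RFC 4122 version 4 UUID (sets the version and variant bits).
function uuidV4FromBytes(bytes) {
  const b = Buffer.from(bytes); // copy, so the caller's buffer is not modified
  if (b.length !== 16) throw new RangeError('need exactly 16 bytes');
  b[6] = (b[6] & 0x0f) | 0x40; // version 4
  b[8] = (b[8] & 0x3f) | 0x80; // RFC 4122 variant
  const h = b.toString('hex');
  return [h.slice(0, 8), h.slice(8, 12), h.slice(12, 16), h.slice(16, 20), h.slice(20)].join('-');
}

// Weak pattern: every byte comes from a Math.random()-style function returning [0, 1).
function weakUuidV4(random = Math.random) {
  const bytes = Array.from({ length: 16 }, () => Math.floor(random() * 256));
  return uuidV4FromBytes(bytes);
}

// Hardened pattern: all 16 bytes come from the operating system CSPRNG.
function strongUuidV4() {
  return uuidV4FromBytes(crypto.randomBytes(16));
}

// Constructed stand-in for a generator whose whole state is 32 bits (mulberry32).
function prng32(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) | 0;
    let t = Math.imul(a ^ (a >>> 15), 1 | a);
    t = (t + Math.imul(t ^ (t >>> 7), 61 | t)) ^ t;
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Two generators in the same 32-bit state emit the same UUID, so the number of
// distinct outputs is bounded by the generator state, not by the 122 random UUID bits.
function collidesOnSameState(seed) {
  return weakUuidV4(prng32(seed)) === weakUuidV4(prng32(seed));
}

console.log('weak  :', weakUuidV4());
console.log('strong:', strongUuidV4());
console.log('same 32-bit state collides:', collidesOnSameState(2015));
```

On current Node.js releases, `crypto.randomUUID()` returns a CSPRNG-backed version 4 UUID directly.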

Solution(s)

  • linuxrpm-upgrade-atomic-openshift
